Resource Library

Check out the entire "7 for 10" demonstration from our Green Data Center Conference that was held February 2-4th in San Diego. 

February 18, 2010, San Diego, CA – Global Strategic Management Institute (GSMI) is offering another Green Data Center Conference- Creating the Blue Print for the Modern Green Data Center, June 15^th-17^thThe Global Strategic Management Institute’s first Green Data Center Conference was held from February 2^nd to the 4^th at the University of California, San Diego’s silver LEED certified Supercomputing Center.  The conference was a great success, bringing industry leaders and experts in green data centers together with the executives who need their help.

Energy experts estimate that data centers eat up as much as 3% of all electricity generated in the United States. Corporate, non-profit and government sector executives, who are not necessarily IT professionals, must become familiar with how resource consumption within their data center affects things like electricity usage and carbon emissions. The conference provided these executives with answers, tools, and information that they need to navigate the seemingly complex task of “greening” their data center--   including everything from improving capacity, lowering energy usage and costs, to understanding the role of the facility and how to create a master plan.

“There is an increasing need for education as it relates to innovations within Data Centers,” said Byron Mignanelli, CEO, GSMI. “We are pleased to provide an objective learning environment for leaders to share, gain insight, and create opportunities,”

The venue is San Diego’s shrine of green computing- The Supercomputer Center at University of California, San Diego.  The SDSC is an 80,000 “green” square foot expansion which was awarded LEED (Leadership in Energy and Environmental Design) Silver equivalent status, meaning it met certain optimal standards for energy efficiency across a variety of categories. It operates 53% more efficiently than California standards and earned a California Public Utilities Commission Best Practices Award at the annual UC/CSU/CCC Sustainability Conference.

June’s Green Data Center Conference will include GSMI’s coveted Go Green: 10 for 7 Demonstration Series.  When an organization makes the decision to green its data center, they are faced with a wide variety of options and products. GSMI created the 10 for 7 series to help ease the confusion.  The session gives ten experts seven minutes to give you the details on their solution of choice. Contact GSMI for more information or to book your spot: http://www.greendatacenterconference.com/

Some of June’s information sessions include: Why Go Green?, GRC and Green Data Centers, Hackers, Attackers, and Cyber Security, Initiating and Following Through on a Disaster Recovery Plan, Green Retrofitting that Can Improve Capacity & Efficiency in Your Data Center, Finding a Business and Financial Justification for Greening Your Data Center, How the Internet Giants are Getting into Energy Management, Developing and Outfitting a Master Plan for a Green Data Center, and more.

February’s Keynote speakers included: Jessica Black- Director Brightworks, Jon Flower- Vice President of Advanced Technology Adaptec, Scott Lewis- Founder and CEO Brightworks, Wayne Adams- Chairman SNIA Board of Directors, Mark Bramfitt, P.E.- Consultant Utility and Information Technology Industry Strategic Engagement, Bruce Myatt, P.E.- Director of Projects Mission Critical Facilities.  

For more information or to register for the event, go to www.greendatacenterconference.com

CONTACT:

Dana Savoca

GSMI

888.409.4418, ex. 8

Dana.Savoca@gsmiweb.com

www.greendatacenterconference.com

About Global Strategic Management Institute

The Global Strategic Management Institute (GSMI) www.gsmiweb.com is one of today’s premier executive level conference companies.  The firm develops forums, exhibitions and leadership trainings for the world’s leading business decision-makers in many areas including corporate social responsibility, compliance, marketing/branding, performance, quality and risk management, sustainable strategies, buildings a real estate development

February 12, 2010 San Diego, CA:  Global Strategic Management Institute (GSMI) is pleased to announce its Second Annual Governance, Risk Management, and Compliance Summit, April 28-30, 2010, at the Regal Sun Resort in Downtown Disney World, Orlando, Florida. 

The Spring 2010 Summit will include expanded and in-depth sessions addressing significant trends in the GRC market such as Continuous Controls Monitoring for Transactions and Confronting the Demands of Increased Corporate Oversight & Looming Regulatory Mandates.

Because so many security and information professionals find themselves with too few resources and too many challenges, GSMI has also included their 10 for 7 demonstration series where ten hand-picked industry experts will offer short presentations on available solutions, options and products which attendees may want to consider when tackling threats, vulnerabilities, controls and changing requirements.

This years keynote Speakers include: Mark Smith, CEO & EVP Research, Ventana Research, Bill Savage, Assistant Vice President- Enterprise Risk Management, The Hartford Financial Services Group, Inc., Michael Yip, Director of Risk Management Practice, Marsh Risk Consulting, Jason Mefford, VP of Process Assurance, Ventura Foods, Greg Reymann, Vice President and Chief Compliance Officer, Transamerica Asset Management Group, David F. Giannetto, CEO The Telos Group and Author, The Performance Power Grid, Dr. Mark L. Frigo, Ph.D., CPA, CMA, Director, The Center for Strategy, Execution, and Valuation and the Strategic Risk Management Lab, and Ali Samad-Khan, President, Stamford Risk Analytics. 

Program topics include two separate tracks dedicated to GRC-IT Focus and Legal/Regulatory Focus with sessions on:

• ·     Mastering Segregation of Duties: Authorization, Custody, Record Keeping & Reconciliation
• ·     Optimal Continuous Controls Monitoring for Transactions
• ·     GRC Outlook, Trends & Drivers Behind an Integrated, GRC Policy: Industry Experts Share an Umbrella of Insights
• ·     Deconstructing & Demystifying GRC vs. ERM
• ·     How to Avoid Wagging The Dog: Steering Clear of Costly Errors When Implementing a GRC Program
• ·     From Process (ERM) to Solution (GRC): Leveraging the Former to Effectuate that Latter
• ·     Cheaper, Smarter, Faster: Realizing the Benefits of XBLR
• ·     Where is the “S” in GRC? Ensuring that You Meet Security Requirements with Your GRC Program

This years sponsors include: CURA, andSRA. Media Partners include: ITGRCForum- Defining a Roadmap for GRC Strategies, Ventana Research, and fanfoundry. 

Register by March 5 to receive a special Early Bird Discount!

 For more information or to register for the event, go to

http://www.thegrcsummit.com

CONTACT:

Byron Mignanelli


GSMI


888.409.4418, ex. 2

byron@gsmiweb.com


http://www.thegrcsummit.com/index.php

About Global Strategic Management Institute

GSMI develops executive conferences, exhibitions, and leadership trainings for the world's leading business decision-makers. These dynamic and innovative services initiate and develop business relationships between director and C-level practitioners from the most influential organizations, for a stimulating environment to discuss key industry issues and mutually beneficial solutions. For more information visit http://www.gsmiweb.com/ .

February 12, 2010 San Diego, CA:  Global Strategic Management Institute (GSMI) is pleased to announce the East Coast counterpart to its Sustainable Building Series: The Sustainable Building Series: Retrofits (NYC), scheduled for May 10-12 at the Embassy Suites in New York City as part of its Green Educational Forums.

After the remarkable success of its first installment in San Francisco in 2009, GSMI wasted no time in responding to requests from many attendees at that event for the next installment.  The Sustainable Buildings Series East: Retrofits is a comprehensive program that incorporates the newest techniques, solutions and developments in this industry.

This years highlights include: a dedicated track specifically for the needs of municipalities on May 12^th and the inclusion of the more intimate and informative Facilitated Breakfast Chats where owners, managers, and officials can share stories and learn how their industry colleagues are approaching retrofitting and renovations on a wide range of pre-set topics, each of which will be facilitated by an industry expert.

Program topics include: Substantially Lowering Energy Costs with Sustainable Retrofits, Sustainable Building Valuations, Capitalizing on the Economic Recovery Stimulus Package, Financing Sustainable Retrofits, Creating Value with Investment In Green Retrofits CAP EX programs, LEED Certification Update, Baseline Assessments Marketing Sustainable Buildings, Brokers’ Perspectives on Demand for Green Space, Green Insurance & Lending Programs, Venture Capital Perspectives

 For more information or to register for the event, go to: http://www.sustainablebuildingsseries.com/

CONTACT:

Byron Mignanelli


GSMI


888.409.4418, ex. 2

byron@gsmiweb.com


http://www.sustainablebuildingsseries.com/

About Global Strategic Management Institute

At GSMI we are more than a conference company. We go out of our way to create rich environments for learning, networking and ensuring our customers have great experiences. You will go back to the office with new ideas, insights, skills and contacts.

We develop executive conferences, exhibitions, and leadership trainings for the world's leading business decision-makers. These dynamic and innovative services initiate and develop business relationships between director and C-level practitioners from the most influential organizations, for a stimulating environment to discuss key industry issues and mutually beneficial solutions. Our areas of focus include: For more information visit http://www.gsmiweb.com/.

January 27, 2010, San Diego, After the remarkable success of its first Mission-Driven Summit, Global Strategic Management Institute (GSMI), in partnership with Ascendant Strategy Management Group, is proud to announce that it will be hosting its second annual performance management event for government agencies and non-profit organizations, the Mission-Driven Performance Management Summit, in Washington, DC on March 2-4, 2010.  

This event will feature keynote sessions presented by Balanced Scorecard co-creators and management thought leaders Dr. Robert Kaplan and Dr. David Norton.  As an event specifically designed for government agencies and not-for-profit organizations, the Mission-Driven Performance Summit features case studies and thought-provoking sessions that will give you the insight to:

• Prove your impact in a time of increasing accountability requirements
• Implement your strategy while managing your risk
• Do “more with less” by improving your organization’s management
• Effectively partner with partners, customers, and affiliated organizations
• Align your management system with your measurement system

Keynote speakers include: Tiziana Dearing, President of Catholic Charities of Boston, Brett Jenks, President of RARE Conservation, and Lew Gedansky, Vice President of Governance & Executive Programs, Project Management Institute.  The conference will also feature in-depth training workshops led by Ascendant's managing partners on risk management, performance management, and human capital management.

This event will bring together leaders from across the country to discuss and advance the art and science of management in the public and social sector.  Commenting on his participation in this event, Dr. Kaplan said:

“The need for and interest in performance management in the nonprofit and government agency space is at an all time high.  I’m very excited to be a part of this event and look forward to helping mission-focused organizations of all sizes use the Balanced Scorecard to execute strategy.”

Over 200 organizational executives and managers representing not-for-profit organizations, foundations, and government agencies at the federal, state, and local levels will be in attendance. Some of last year’s attendees include: the Federal Bureau of Investigation, the Securities and Exchange Commission, Atlanta Public Schools, District of Columbia Public Schools, UNICEF, the Federal Reserve Bank, Goodwill Industries International, and The Food and Drug Administration (FDA).

Don’t miss out on the numerous case studies, interactive workshops, and networking sessions that await you.

To register, please visit www.MissionDrivenPerformance.comor call at 888.409.4418

About Global Strategic Management Institute

The Global Strategic Management Institute (GSMI) www.gsmiweb.com is the leading authority on performance based management practices and modern management theory.  Focused on educating today’s leaders for tomorrow’s performance, GSMI disseminates the latest innovations in management by studying and identifying “best-in-class” organizations. 

About Ascendant Strategy Management Group

Ascendant Strategy Management Group helps nonprofits, agencies, associations, and associations manage strategy, collaborate with stakeholders, and build communities around their strategy execution efforts.  We offer Balanced Scorecard and performance management training, facilitation, and consulting to help organizations accelerate mission results.  For more information, visit Ascendant online at http://www.ascendantsmg.com

January 25, 2010, San Diego, CA – Energy experts estimate that data centers eat up as much as 3% of all electricity generated in the United States.  Executives who are intent on both reducing the environmental impact and cost of their data center while finding ways to improve capacity, storage and efficiency, are looking for answers.  Corporate, non-profit and government sector executives, who are not necessarily IT professionals, must become familiar with how resource consumption within their data center affects things like electricity usage and carbon emissions.  These same executives must find ways to address the short term financial commitment to “greening” their data center while easing the budget pressures that come along with new regulations.

The Green Data Center Conference, hosted by the Global Strategic Management Institute (GSMI), scheduled for February 2-4, 2010 in San Diego will provide industry executives with answers, tools, and information that they need to navigate the seemingly complex task of “greening” their data center--   including everything from improving capacity, lowering energy usage and costs, to understanding the role of the facility and how to create a master plan.

Program topics include: Green Storage & Backup; How Economics, Regulation & Resources are Impacting Corporate Data Strategies; Cloud Computing; Outsourcing; Building Facilities; Quick Steps to Reduce Energy Consumption; Leveraging Virtualization in the Data Center;  Cyber Security & Disaster Recovery

The venue- San Diego’s shrine of green computing- The Supercomputer Center at University of California, San Diego.  The SDSC is an 80,000 “green” square foot expansion which was awarded LEED (Leadership in Energy and Environmental Design) Silver equivalent status, meaning it met certain optimal standards for energy efficiency across a variety of categories. It will operate 53% more efficiently than California standards and earned a California Public Utilities Commission Best Practices Award at the annual UC/CSU/CCC Sustainability Conference.

Confirmed participating companies and organizations include: I/O Data Center, Adaptec, IBM, Digital Realty Trust, Storage IO, Xiotech, Jones Lang LaSalle, the Storage Networking Industry Association (SNIA) and many more.

Four separately bookable workshops are also offered: Incorporating the Human Factor in the Green Data Center; Smart Data Centers; Advanced Energy Efficient Data Centers; Financial & Environmental Benefits of Virtualization.

Keynote speakers include: Jessica Black- Director Brightworks, Jon Flower- Vice President of Advanced Technology Adaptec, Scott Lewis- Founder and CEO Brightworks, Wayne Adams- Chairman SNIA Board of Directors, Mark Bramfitt, P.E.- Consultant Utility and Information Technology Industry Strategic Engagement, Bruce Myatt, P.E.- Director of Projects Mission Critical Facilities.  

The Green Data Center Conference is being sponsored by such innovative companies as: Rackwise, Glacial Energy, AIS-World Class Data Centers, Synapsense- Wireless Instrumentation Solutions, Future Facilities, and Arch Rock.

GSMI’s media partners include: Mission Critical Magazineand its associated website missioncriticalmagazine.com, Processor (.com)- Products, News, and Information Data Centers Can Trust, Data Center Journal- Where IT, Facilities, and, Design Meet, andThe Data Center Marketplace- A to Z Solutions for the Data Center.

For more information or to register for the event, go to www.greendatacenterconference.com

CONTACT:

Cheryl Fallick

GSMI

888.409.4418, ex. 5

Cheryl.Fallick@gsmiweb.com

www.greendatacenterconference.com

About Global Strategic Management Institute

Enterprise risk management (ERM) is an integrated, forward-looking and process-orientated approach to managing all key business risks and opportunities - not just financial ones - with the intent of maximizing value for the enterprise as a whole. KnowledgeLeader provides policies, tools, articles, and other resources to help you:
• Understand enterprise risk management
• Develop risk management and risk assessment checklists, policies, and procedures;
• Understand current risks;
• Discover best practices to mitigate risk;
• Reduce business risk in all areas.

Articles from thought leaders share techniques and approaches, providing ideas, best practices, and actionable advice. Select one of the areas below to view a sample of the risk management and risk assessment information available on KnowledgeLeader. We have also provided summaries of other risk related articles and tools that are available with a free trial or subscription.

Below you will find just a few examples of the KnowledgeLeader materials focused on Enterprise Risk Management:
• Tools
• Publications
• External Resources

Tools

Data Backup Policy
This policy is intended to provide a standardized means of backing-up and maintaining computer files within an organization. The backup and maintenance of files is critical to the viability and operations of a company, and it is essential that certain basic standard practices be followed to ensure that data files are backed up on a regular basis.

E-Business risks - Compliance

Compliance risk can result in failure to conform with laws and regulations that apply to a business process at the international, country, state and local level. This e-business white paper describes regulatory and other business risks related to compliance. Management best practices and performance measures are suggested. The article includes a list of questions that audit committees can ask to learn about compliance risks.

Enterprise Business Risk Management Process - Overview Framework

Enterprise business risk management is illustrated broadly in this framework. It is a continuous process of establishing risk management objectives, assessing risks within the context of established tolerances, developing strategies and implementing risk management processes, and monitoring and reporting upon those processes.

Enterprise Risk Management Interview Questionnaire

The ultimate goal of Enterprise Risk Management (ERM) is to evaluate total returns relative to total risks, leading to more informed business decisions. This questionnaire can be used when assessing an organization's enterprise risk management strategy. It focuses on the internal environment, objective setting, event identification, risk assessment, risk response, control activities, and information and communication.

Enterprise Risk Management Project Plan - Sample

Enterprise Risk Management (ERM) requires clear risk management goals and objectives, linked to business objectives and strategies. This document is a sample project plan utilized during the planning phase of implementing ERM across an organization. The project plan supports a phased implementation approach detailing tasks, deliverables, and a project timeline.

Fraud Prevention and Detection Audit Work Program

This program can be used by internal auditors as an evaluation tool or converted into a questionnaire for use with management to better understand current fraud prevention and detection program activities.

Human Resources Risk Management Presentation

This short guide helps define human resources risk, and identify the major HR processes and sub-processes where risks occur.

Job Description: Chief Risk Officer - Sample 3

This job description example provides requirements for the position of Chief Risk Officer.

Risk Assessment Survey Template - Sample

The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization's ability to achieve its objectives and strategies. This document provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area. The results can be used to help develop an Internal Audit Plan. The results may also be included in the Risk Assessment Report provided to the Audit Committee.

Record Retention Questionnaire

Either premature destruction or loss of records or failure to destroy obsolete records can cause serious problems. This questionnaire helps to assure that records are retained in compliance with any regulatory requirements, and with company policy.

Risk Management Oversight Committee Charter

The purpose of the Risk Management Oversight Committee is to monitor the organization's risk environment and provide direction for the activities to mitigate, to an acceptable level, the risks that may adversely affect the company's ability to achieve its goals. This charter serves as an example document outlining this committee's various responsibilities.

Using Risk Management Frameworks

This presentation defines and describes various types of internal controls. Then it reviews control frameworks including COSO, COSO ERM, and COBIT. Finally, it describes the elements and implementation of an enterprise risk management solution.

The Combined Code of Corporate Governance (Turnbull Report) - UK

The Combined Code of Corporate Governance challenged directors of listed companies to raise their game on business risk management. To help companies respond, in 1999 the Institute of Chartered Accountants of England and Wales's (ICAEW) Internal Control Working Party chaired by Nigel Turnbull, published Internal Control: Guidance for Directors on the Combined Code ("the Turnbull report"). The Turnbull guidance was updated on October 2005.

Publications

Assimilating Governance into your ERM Process

In an increasingly risky world, the discipline of risk management is moving steadily beyond the tactical level as organizations take a fresh look at enterprise risk management (ERM) and explore how best to assimilate governance into their ERM process. Integrating governance and ERM is not a new idea. The two processes have long been intertwined conceptually. Since integration is so vital to the success of ERM, this article focuses on assimilating governance into the ERM process.

Challenges and Benefits of Operational Risk Indicators

Many financial institutions have tried to implement operational risk indicators, but with generally limited success. In many cases the implementations were too ambitious and did not allow sufficiently for the cultural and management philosophy change that is required. As described by David Farmer in this article, successfully implementing operational risk indicators is a long-term journey.

Control, Compliance and Risk Management at Duke University

Duke University was founded in 1924 when the Duke family of Durham, North Carolina provided a substantial endowment to Trinity College. In this profile, Mike Somich, Duke University's executive director of internal audit, discusses the importance of recruiting auditors with a variety of audit skills to cover the three groups he oversees - the University, Duke University Health System (including the School of Medicine) and information technology. His audit team is responsible for three auditing components at Duke - controls, compliance and risk.

Does Your Project Risk Management System Do The Job?

Managing risk is key to the successful and on-time completion of any project. Asking the right questions at the right time is important. Walkthroughs should be performed to observe key risk management components. Based on the tasks at hand in the project, appropriate personnel must be assigned, both at the project manager and project task levels. This article includes a list of common project risks and a description of quick responses to those risks.

Enterprise Risk Management in Practice - Profiles of Companies Building Effective ERM Programs

With the increased interest in enterprise risk management (ERM), it made sense to compile examples of how different companies in the United States, Europe and Japan are improving their risk management capabilities. In this publication, 11 companies are profiled discussing the common theme of how ERM is integrated into their operations. In producing the various profiles for this publication, several common themes emerged that demonstrate why and how companies across multiple industries are improving their risk management capabilities. Each of these profiles are published as stand-alone publications in the Performer Profiles area on KnowledgeLeader.

Enterprise Risk Management - Risk Intelligence and Anti-Fraud Controls

In today's environment of intense scrutiny by regulators and stakeholders, investment in risk management is more important than ever. At Foley's sixth annual National Directors Institute on March 8, 2007 in Chicago, Illinois, the topic of enterprise risk management's (ERM) relationship with risk intelligence and anti-fraud controls was the focus of a dedicated session. This discussion included case studies where companies incorporated ERM into their day-to-day operations.

Guide to Enterprise Risk Management: Frequently Asked Questions

In today's challenging global economy, there is a need for identifying, assessing, managing and monitoring an organization's business opportunities and risks. The concept of enterprise risk management (ERM) helps elevate the focus of risk management from the tactical to strategic level. The purpose of this publication is to address some of the most commonly asked questions with respect to ERM. It offers ideas, suggestions and insights to executives responsible for ERM implementation.

Managing Outsourcing and Offshoring Risk

As companies focus on managing their operations in a difficult economic environment, they seek to become leaner and more focused, efficient and effective. Over the last decade, many international companies have offshored work to other countries with a view toward achieving these objectives. This issue of The Bulletin explores the advantages, disadvantages, and the risks associated with outsourcing and offshoring. And how the risks can be managed when decisions are made to outsource and/or offshore business activities.

Overcoming Biases in Operational Risk Scenario Analysis

As traditional forecasting and planning no longer fully serve business needs, many financial organizations are using scenario analysis to evaluate the impact and likelihood of extreme but plausible risk events. In this article, David Shu explains how, if successfully executed, scenario analysis can be the most valuable element in an organization's operational risk management framework.

Risk Analysis and Risk Management

This article addresses frequently asked questions on risk analysis, including why, when and who should conduct IT risk analysis. It talks about the six steps necessary to perform a risk analysis, the three deliverables on the risk analysis process, and the six most common methods of risk mitigation. The appendices list control categories for operations controls, application controls, security controls and systems controls.

Risk-Based Performance Improvement

Performance management and risk management can complement each other and can result in improved company performance and the creation of shareholder value. However, reality shows that performance management initiatives and risk management activities are frequently not harmonized. This article describes the principle of Risk-Based Performance Improvement (RPI) and its associated benefits to companies.

Risk Quantification

Management of business risks has become an increasingly important issue. In this article, Protiviti's Dr. Gabriel Kuhn presents background information on risk measurement and estimation and shows several quantification methods for the four main risk types: credit, market, liquidity and operational risk.

The Elephant in the Room - Understanding the Audit Challenges of Project Risk

The value of internal audit as a critical component of corporate governance and risk management is an undisputed fact. However, within an increasing audit universe, there is an elephant in the room that often escapes notice during the audit planning process but can have significant implications for the business if left unaddressed. Part one of this two part series, introduces this elephant: the need for oversight and monitoring of project risk. The final part of the series discusses what traps to avoid when reviewing project risk and internal audit's growing role in this area.

The Practical Challenges of Enterprise Risk Management

Enterprise risk management (ERM) is currently front of mind for many senior executives and board members. Many companies have been challenged to implement ERM in a practical manner that meets the requirements of its board while not introducing unnecessary administration and costs on management and staff. This is not an easy balance to strike. So, what works in practice?

The Simple Truth Behind the Complex Idea of Risk

"Risk" is a dirty word in business circles today-but it doesn't have to be, says Rick Steinberg, Compliance Week columnist and principal author of the COSO ERM framework. "Risk management is not rocket science, and those who make it more complicated than it is are asking for trouble," he says. His advice on keeping it simple is inside.

A small internal audit team with big plans for Endurance Group

Endurance Group is a global leader in casting, suspension, transmission and braking products. In this profile, Shripad S. Limaye, the internal audit head at Endurance Group, shares the challenges and benefits of overseeing a team of three internal auditors. In addition, Limaye describes the importance of enterprise risk management to the organization, internal audit's role in this effort, and how it complements the team's risk-based audit approach.

Ten Common Risk Management Failures and How to Avoid Them

It is fashionable today to talk about the role of risk management in the global financial crisis. Indeed, risk management had a role - a very important one. As we look back and closely examine what has transpired, we often hear the same questions expressed with a noticeable point of inflection in the voice pitch: What were they thinking? What did they know? How did they let this happen? This issue of The Bulletin explores 10 common risk management mistakes and how they can be avoided.

External Resources

KnowledgeLeader also helps you find the best links to other ERM and Risk Assessment related resources on the web. Here are a few examples.

COSO Enterprise Risk Management - Integrated Framework

The framework defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management. Engaged by COSO to lead the study, PricewaterhouseCoopers was assisted by an advisory council composed of representatives from the five COSO organizations.

Enterprise Risk Management: Frameworks, Elements, and Integration
S
tatements on Management Accounting (SMAs) present the views of IMA regarding management accounting and financial management issues. In their development, the Statements are subjected to a rigorous exposure process. The 2006 SMA on Enterprise Risk Management: Frameworks, Elements, and Integration provides an overview of the ERM process and frameworks and will help management accountants understand their roles and responsibilities in ERM projects.

IRMI: The Risk Analysis and Insurance Training Company

IRMI provides advice and strategies for risk management, insurance, and legal professionals. This website includes an online library of risk and insurance publications, conferences, webinars, and seminars.

OCEG

OCEG is a nonprofit organization that uniquely helps organizations drive Principled Performance^TM by enhancing corporate culture and integrating governance, risk management, and compliance processes via: guidelines and standards, community of practice, and evaluation criteria & benchmarks.

Protiviti's Enterprise Risk Management Solution

Enterprise risk management (ERM) is a structured and disciplined approach to managing risk. ERM aligns the organization's strategies, processes, technology and knowledge with the purpose of improving its ability to evaluate and manage, enterprise-wide, the uncertainties it faces as it creates value.

Risk and Insurance Management Society

The Risk and Insurance Management Society, Inc. is a professional organization dedicated to advancing the practice of risk management, a professional discipline that protects physical, financial and human resources.

Risk Center

RiskCenter is a web-based syndicated news service devoted exclusively to providing financial risk professionals with the inside scoop on breaking economic, political and financial stories, as well as the risk strategies required to measure and manage these risks. RiskCenter sources its information from federal banks, treasury units, and international agencies, for example-and internal sources.

Risk Management Resources

This page provides the latest training opportunities, publications, and resources on risk and control from The Institute of Internal Auditors.

The Risk Management Association (RMA)

Helping Financial Institutions Manage Risk Enterprise-Wide. In today's world, managing risk has become a necessity, not an option. The Risk Management Association (RMA), a member-driven professional association, helps banking and nonbanking institutions identify and manage the impacts of credit risk, operational risk, and market risk on their businesses and customers. They achieve this through education, research, networking, and leadership opportunities.

Originally Published: April 01, 2006

Internal auditors are faced with new challenges as the importance of understanding information technology (IT) and its impact on risk management becomes even more critical. Internal auditors can provide value to businesses if they use their IT knowledge to help an organization implement a successful enterprise risk management (ERM) program. Since Sarbanes-Oxley, ERM's increasingly important role in organizations has forced internal auditors to use a more risk-focused approach as an alternative to the more traditional control-based approach.

The internal environment of an organization includes risk appetite as well as other components such as ethical values. Decisions made about risk tolerance correlate with information technology choices. If an organization choices to use e-commerce, it becomes a global business and should consider all the risks associated with technological changes.

IT helps to provide timely data that will assist with the identification, analysis and response to risks. The organizational changes and the speed created by IT forces auditors to recognize and monitor how it impacts risk management. Therefore, IT is an asset for organizations trying to manage risk, but concurrently the increased use of IT creates risk that cannot be overlooked.

An organization's risk appetite establishes the objectives for the business while indirectly affecting the information technology infrastructure. Organizations that utilize e-commerce have a higher risk appetite and must be prepared to take the necessary precautions for a potentially greater reward.

Originally Published: May 01, 2008

The members discussed four major themes in the practical application of ERM oversight. The first topic they addressed was engaging management in the task of risk management. This theme permeated the rest of their discussions on the governance of risk management, identifying and prioritizing key risks, and ERM in action.

Engaging Management in the Task of Risk Management

The committee agreed that CEO involvement and buy-in was the priority to establishing effective enterprise wide risk management. They cited that CEOs were not taking the lead on this initiative for several reasons. The committee observed that top management didn't fully understand the concepts behind ERM, it seemed like an undertaking involving a change in culture, could not quantify the results, and felt they didn't receive a tangible return on investment.

Comments made by the committee included "You can have all the systems and procedures in the world, but without senior management buy-in, it's worthless." They shared best practices on achieving active involvement from the CEO and identified some concrete practices:

• Evaluate and compensate the CEO based on ERM's success
• Provide specific examples of instances in which ERM succeeded
• Do not let the ERM label get in the way
• Use ERM as a developmental opportunity
• Require the CEO's commitment to ERM
• Hire a CEO who views ERM as a priority

They illustrated examples and why each best practice was effective.

Governance of ERM

Members discussed the responsibility put on the audit committee to oversee ERM practices. While they debated whether this was the proper committee for the task, they all agreed on the importance of top management creating and implementing the ERM framework. Members had various examples of why it was essential to have the CEO driving the implementation, and not the oversight board.

Identifying and prioritizing risks

As members discussed experiences with risk identification, they again cited the importance of a top down approach enforced by senior management. The ERM system must reach across an entire organization and prioritize according to broad corporate objectives, not individual business entity's risk appetites. The committee listed many best practices for corporate-wide risk assessment including: aggregating and discussing individual business unit's listed risks, external consultants, and taking a broad risk and assessing the effect as it moved through the enterprise. There was concern over how management was implementing ERM currently. The network cited top management only assessing risks in the 10-K, and about instances of major changes that had not been identified by an in-place ERM system.

ERM in Action and Conclusions

The members agree that effective ERM is an ongoing process, but they have already seen much progress. A continued focus on a broad, top-down approach driven by senior leadership will lead to more effective ERM systems. The audit committee board can use tactics to maintain oversight and discuss key risks such as board dinners with management and interviews with business unit leaders.

The committee emphasized the importance of top management to implement an effective ERM system. The CEO must continually use risk assessment in strategizing, and keep analyzing and updating the processes in place. It is top management and the oversight committee's responsibility to ensure ERM is not a stand-alone process and must be continually updated.

Originally Published: April 01, 2006

Once a company completes their initial compliance with Section 404 of the Sarbanes-Oxley Act, they don't necessarily address the requirements needed to fully implement enterprise risk management (ERM). However, most companies that have taken this first step are developing more discipline and more control awareness within their business. The next important goal is to address the eight ERM components:

• internal environment,
• objective setting,
• event identification,
• risk assessment,
• risk response,
• control activities,
• information and communication, and
• monitoring.

The internal environment of a company is a reflection of how employees react to risks. The environment includes companies' methods of creating their risk appetite and moral values.

ERM makes certain the importance of setting objectives and matching those objectives with an organization's mission and risk tolerance. Also, the positive and negative risks must be identified before continuing with the risk management process. Risk assessment is used to decide how the risks should be managed. When using ERM, all business risks are considered instead of focusing only on financial reporting risks.

The communication of risk management and the responsibilities of all personnel are important components of a successful risk management process. Also, risk control activities are more closely monitored under ERM and organizations are encouraged to look at quality opposed to simply the pass/fail criteria under Section 404. Essentially, companies must see the benefits that can be realized in ERM and have a compelling desire to use ERM. The real turning point for ERM will take place when companies see the advantages and realize they need the competitive edge that can be obtained from closely monitoring all risks.